Re: brk randomization breaks columns

From: Arjan van de Ven
Date: Tue Feb 05 2008 - 10:00:39 EST

Next message: James Bottomley: "Re: [PATCH] enclosure: add support for enclosure services"
Previous message: Steve French: "Re: [2.6 patch] remove smbfs"
In reply to: Hugh Dickins: "Re: brk randomization breaks columns"
Next in thread: Pavel Machek: "Re: brk randomization breaks columns"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>
> But I was myself surprised by your randomize_brk patch: like the
> buggy program, I'd imagined that data immediately followed by bss
> immediately followed by brk was an invariant (whereas I never
> supposed the position of the code had anything to do with it).
> Just my ignorance, but not surprising if it's shared by others.

the surprise also will be when gcc reorders your .data section for optimization,
and the variable you think is last.. no longer isn't.

>
> So, I didn't really expect the randomize_brk patch to get this far,
> thought it would hit trouble earlier. What to do now? On the one
> hand Pavel rightly regards this as a regression, on the other hand
> we've had programs which make bad assumptions about their address
> space layout before, and have not always deferred to them.
>
> If such cases are few (can we be sure of that yet?), is it going

it's for sure only few; this is the second known case is 5 years
that made this dicey assumption (RHEL/Fedora ship with this for 5 years or so now)
Various "secure" distros ship with brk detached as well (albeit via other methods)
for even longer.

> to be good enough to rely on adding the ELF note to disable their
> randomization?

sadly elfnotes are a sparse commodity.
>
> In my usual dither, I'm rather hoping Arjan will have a clear answer.

setarch works. If the apps come in source form they need fixing anyway (since I'd not be
surprised of current gcc reorders variables), if not.. we only have 2 cases,
the other case was the build process of emacs (which got fixed 5 years ago).
My personal guess is, if there's nothing more than "columns", lets swallow it.
If more show up, we need to rethink it. I somehow doubt more real apps will show
up given how widespread and long this patch was deployed... but turning of randomization
already exists via various methods, both global and per process.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Bottomley: "Re: [PATCH] enclosure: add support for enclosure services"
Previous message: Steve French: "Re: [2.6 patch] remove smbfs"
In reply to: Hugh Dickins: "Re: brk randomization breaks columns"
Next in thread: Pavel Machek: "Re: brk randomization breaks columns"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]